Thursday, 2 August 2018

Online forum Reddit user data compromised after 'serious' hack

Online forum Reddit has confirmed a data breach in which usernames and encrypted password data were compromised, but has not said how many of its millions of users have been affected.
The social media network, which has 234 million unique users, posted details of the hack, saying two sets of data had been accessed - one from 2007 and the other earlier this year.
Between June 3 and 17, a set of data which included logs and databases linked to daily email digests it sends out to users was accessed, it said.

The 2007 breach included account details, and all public and private posts between the site's launch in 2005 and May 2007.

In a statement, the firm said: "Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs."

Reddit is messaging user accounts "if there's a chance the credentials taken reflect the account's current password" and has advised people to check Reddit inboxes as well as emails to see if they were affected.

The company's chief technology officer, Christopher Slowe, said: "If your account credentials were affected and there's a chance the credentials relate to the password you're currently using on Reddit, we'll make you reset your Reddit account password.

"Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today.

"If your email address was affected, think about whether there's anything on your Reddit account that you wouldn't want associated back to that address."
Reddit's response to the breaches has been met with some criticism within the security community.
Troy Hunt, a Microsoft regional director, said on Twitter that it sounded like Reddit was "relying on people to check if they've been receiving email digests and draw a conclusion from that".

SKY       News.

No comments:

Post a Comment